If you have as many locations as hotels, with frequent employee replacement, there is only one great solution.
That is the classic architecture. Some call it Mainframe, other calls it Citrix/Terminal server (with no Internet access from the remote desktop), yet other calls it WebApps.
There is NO reason why huge amounts of data should exist in a hotel branch, no way it should be exportable to a USB drive in a hotel near Kremlin. They are handling GDPR personal data, even sensitive data in some cases.
The only people who should have access to bulk data are IT staff at a central location, whose access is limited with MFA - preferable good MFA (Yubikey or equivalent).
Thus wrong design causes huge data loss thru a low level employee. Nothing new here. But I think EU should fine them 4% of their global turnover since it keeps happening, they clearly are not sufficient technical or organizational means in place, despite 2 earlier warnings.